On 12-Oct-16 08:16, David Cantrell wrote: > On Tue, Oct 11, 2016 at 11:14:01AM -0400, Dan Collins wrote: > >> But other modules may work fine with these older versions of the library. >> And, without testers reporting these failures, you wouldn't know that >> Crypt::PKCS10 is failing on those platforms! >> I suspect that you want to probe for the OpenSSL version at the Makefile.PL >> stage, and if there is an insufficient version, fail there. > Perhaps `openssl version` is what you need. It looks like the format is > consistently simple across time: > OpenSSL 1.0.1t 3 May 2016 > OpenSSL 0.9.7e 25 Oct 2004 > > Extract the \d+\.\d+\.\d+ bit and compare it to the minimum acceptable > in Makefile.PL, and exit(0) before writing Makefile if it's too ancient. > Yes, except that there are several streams, among which features and patches get backported semi-randomly. E.g. 1.0.1b may have something that 1.0.2j doesn't. Though it will probably appear in 1.0.2(j+delta).
About the only thing to do is test a function; if it produces the correct result on known input, it can be used. That's where I ended up. Except that I have to test another module that calls OpenSSL and guess why it fails. As for checking on security patches - that's too much trouble. My advice: keep up with patches, or suffer :-( Sigh. BTW, I currently print qx/openssl version/ - which is how I discovered this swamp.
Description: S/MIME Cryptographic Signature